diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 000000000..c12eb7997 --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,316 @@ +# Copyright 2024 NVIDIA CORPORATION +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: CI + +on: + pull_request: + types: + - opened + - synchronize + branches: + - master + - release-* + push: + branches: + - master + - release-* + +jobs: + ### Configuration checks ### + helm-lint: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Install Helm + uses: azure/setup-helm@v4.2.0 + id: install + - run: helm lint deployments/gpu-operator/ + validate-csv: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Get Golang version + id: vars + run: | + GOLANG_VERSION=$( grep "GOLANG_VERSION ?=" versions.mk ) + echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION ?= }" >> $GITHUB_ENV + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOLANG_VERSION }} + - run: make validate-csv + validate-helm-values: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Get Golang version + id: vars + run: | + GOLANG_VERSION=$( grep "GOLANG_VERSION ?=" versions.mk ) + echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION ?= }" >> $GITHUB_ENV + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOLANG_VERSION }} + - run: make validate-helm-values + + ### Golang checks and build ### + go-check: + needs: [helm-lint, validate-csv, validate-helm-values] + runs-on: ubuntu-latest + steps: + - 
uses: actions/checkout@v4 + name: Checkout code + - name: Get Golang version + id: vars + run: | + GOLANG_VERSION=$( grep "GOLANG_VERSION ?=" versions.mk ) + echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION ?= }" >> $GITHUB_ENV + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOLANG_VERSION }} + - name: Lint + uses: golangci/golangci-lint-action@v5 + with: + version: latest + args: -v --timeout 5m + skip-cache: true + - run: make check + go-test: + needs: [helm-lint, validate-csv, validate-helm-values] + name: unit tests + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Get Golang version + id: vars + run: | + GOLANG_VERSION=$( grep "GOLANG_VERSION ?=" versions.mk ) + echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION ?= }" >> $GITHUB_ENV + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GOLANG_VERSION }} + - run: make coverage + go-build: + needs: [helm-lint, validate-csv, validate-helm-values] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + name: Checkout code + - run: make docker-build + + ### Image builds ### + build-gpu-operator: + needs: [go-check, go-test, go-build] + runs-on: ubuntu-latest + strategy: + matrix: + dist: [ubi8] + steps: + - uses: actions/checkout@v4 + name: Check out code + - name: Calculate build vars + id: vars + run: | + echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV + echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV + REPO_FULL_NAME="${{ github.event.pull_request.head.repo.full_name }}" + echo "${REPO_FULL_NAME}" + echo "LABEL_IMAGE_SOURCE=https://github.com/${REPO_FULL_NAME}" >> $GITHUB_ENV + + GENERATE_ARTIFACTS="false" + if [[ "${{ github.actor }}" == "dependabot[bot]" ]]; then + GENERATE_ARTIFACTS="false" + elif [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.full_name }}" == "${{ 
github.repository }}" ]]; then + GENERATE_ARTIFACTS="true" + elif [[ "${{ github.event_name }}" == "push" ]]; then + GENERATE_ARTIFACTS="true" + fi + echo "PUSH_ON_BUILD=${GENERATE_ARTIFACTS}" >> $GITHUB_ENV + echo "BUILD_MULTI_ARCH_IMAGES=${GENERATE_ARTIFACTS}" >> $GITHUB_ENV + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build image + env: + IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/gpu-operator + VERSION: ${COMMIT_SHORT_SHA} + run: | + echo "${VERSION}" + make build-${{ matrix.dist }} + build-gpu-operator-validator: + needs: [go-check, go-test, go-build] + runs-on: ubuntu-latest + strategy: + matrix: + dist: [ubi8] + steps: + - uses: actions/checkout@v4 + name: Check out code + - name: Calculate build vars + id: vars + run: | + echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV + echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV + REPO_FULL_NAME="${{ github.event.pull_request.head.repo.full_name }}" + echo "${REPO_FULL_NAME}" + echo "LABEL_IMAGE_SOURCE=https://github.com/${REPO_FULL_NAME}" >> $GITHUB_ENV + + GENERATE_ARTIFACTS="false" + if [[ "${{ github.actor }}" == "dependabot[bot]" ]]; then + GENERATE_ARTIFACTS="false" + elif [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then + GENERATE_ARTIFACTS="true" + elif [[ "${{ github.event_name }}" == "push" ]]; then + GENERATE_ARTIFACTS="true" + fi + echo "PUSH_ON_BUILD=${GENERATE_ARTIFACTS}" >> $GITHUB_ENV + echo "BUILD_MULTI_ARCH_IMAGES=${GENERATE_ARTIFACTS}" >> $GITHUB_ENV + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: 
docker/setup-buildx-action@v3 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build image + env: + IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/gpu-operator/gpu-operator-validator + VERSION: ${COMMIT_SHORT_SHA} + SUBCOMPONENT: validator + run: | + echo "${VERSION}" + make build-${{ matrix.dist }} + + ### e2e tests ### + e2e-tests-containerd: + needs: [build-gpu-operator, build-gpu-operator-validator] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + name: Check out code + - name: Set up Holodeck + uses: NVIDIA/holodeck@main + with: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_ssh_key: ${{ secrets.AWS_SSH_KEY }} + holodeck_config: "tests/holodeck.yaml" + - name: Get public dns name + id: get_public_dns_name + uses: mikefarah/yq@master + with: + cmd: yq '.status.properties[] | select(.name == "public-dns-name") | .value' /github/workspace/.cache/holodeck.yaml + - name: Calculate test vars + id: vars + run: | + COMMIT_SHORT_SHA=${GITHUB_SHA:0:8} + echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV + LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}') + echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV + + echo "OPERATOR_VERSION=${COMMIT_SHORT_SHA}-ubi8" >> $GITHUB_ENV + echo "OPERATOR_IMAGE=ghcr.io/${LOWERCASE_REPO_OWNER}/gpu-operator" >> $GITHUB_ENV + echo "VALIDATOR_VERSION=${COMMIT_SHORT_SHA}-ubi8" >> $GITHUB_ENV + echo "VALIDATOR_IMAGE=ghcr.io/${LOWERCASE_REPO_OWNER}/gpu-operator/gpu-operator-validator" >> $GITHUB_ENV + + echo "instance_hostname=ubuntu@${{ steps.get_public_dns_name.outputs.result }}" >> $GITHUB_ENV + echo "private_key=${{ github.workspace }}/key.pem" >> $GITHUB_ENV + - name: Run e2e tests + env: + GPU_PRODUCT_NAME: "Tesla-T4" 
+ SKIP_LAUNCH: "true" + CONTAINER_RUNTIME: "containerd" + TEST_CASE: "./tests/cases/defaults.sh" + run: | + echo "${{ secrets.AWS_SSH_KEY }}" > ${private_key} && chmod 400 ${private_key} + ./tests/ci-run-e2e.sh ${OPERATOR_IMAGE} ${OPERATOR_VERSION} ${VALIDATOR_IMAGE} ${VALIDATOR_VERSION} ${GPU_PRODUCT_NAME} ${TEST_CASE} || rc=$? + ./tests/scripts/pull.sh /tmp/logs logs + exit $rc + - name: Archive test logs + if: ${{ failure() }} + uses: actions/upload-artifact@v4 + with: + name: containerd-e2e-test-logs + path: ./logs/ + retention-days: 15 + + e2e-tests-nvidiadriver: + needs: [build-gpu-operator, build-gpu-operator-validator] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + name: Check out code + - name: Set up Holodeck + uses: NVIDIA/holodeck@main + with: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_ssh_key: ${{ secrets.AWS_SSH_KEY }} + holodeck_config: "tests/holodeck.yaml" + - name: Get public dns name + id: get_public_dns_name + uses: mikefarah/yq@master + with: + cmd: yq '.status.properties[] | select(.name == "public-dns-name") | .value' /github/workspace/.cache/holodeck.yaml + - name: Calculate test vars + id: vars + run: | + COMMIT_SHORT_SHA=${GITHUB_SHA:0:8} + echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV + LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}') + echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV + + echo "OPERATOR_VERSION=${COMMIT_SHORT_SHA}-ubi8" >> $GITHUB_ENV + echo "OPERATOR_IMAGE=ghcr.io/${LOWERCASE_REPO_OWNER}/gpu-operator" >> $GITHUB_ENV + echo "VALIDATOR_VERSION=${COMMIT_SHORT_SHA}-ubi8" >> $GITHUB_ENV + echo "VALIDATOR_IMAGE=ghcr.io/${LOWERCASE_REPO_OWNER}/gpu-operator/gpu-operator-validator" >> $GITHUB_ENV + + echo "instance_hostname=ubuntu@${{ steps.get_public_dns_name.outputs.result }}" >> $GITHUB_ENV + echo "private_key=${{ 
github.workspace }}/key.pem" >> $GITHUB_ENV + - name: Run e2e tests + env: + GPU_PRODUCT_NAME: "Tesla-T4" + SKIP_LAUNCH: "true" + CONTAINER_RUNTIME: "containerd" + TEST_CASE: "./tests/cases/nvidia-driver.sh" + run: | + echo "${{ secrets.AWS_SSH_KEY }}" > ${private_key} && chmod 400 ${private_key} + ./tests/ci-run-e2e.sh ${OPERATOR_IMAGE} ${OPERATOR_VERSION} ${VALIDATOR_IMAGE} ${VALIDATOR_VERSION} ${GPU_PRODUCT_NAME} ${TEST_CASE} || rc=$? + ./tests/scripts/pull.sh /tmp/logs logs + exit $rc + - name: Archive test logs + if: ${{ failure() }} + uses: actions/upload-artifact@v4 + with: + name: nvidiadriver-e2e-test-logs + path: ./logs/ + retention-days: 15 diff --git a/assets/state-driver/0210_clusterrole.yaml b/assets/state-driver/0210_clusterrole.yaml index 6bdb2c527..e62fbf316 100644 --- a/assets/state-driver/0210_clusterrole.yaml +++ b/assets/state-driver/0210_clusterrole.yaml @@ -35,9 +35,6 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get diff --git a/assets/state-mig-manager/0200_role.yaml b/assets/state-mig-manager/0200_role.yaml index 4373fa362..5396cbeaa 100644 --- a/assets/state-mig-manager/0200_role.yaml +++ b/assets/state-mig-manager/0200_role.yaml @@ -17,4 +17,7 @@ rules: resources: - pods verbs: - - '*' + - get + - list + - watch + - delete diff --git a/assets/state-mig-manager/0210_clusterrole.yaml b/assets/state-mig-manager/0210_clusterrole.yaml index 37e115af9..2e9e9e8b9 100644 --- a/assets/state-mig-manager/0210_clusterrole.yaml +++ b/assets/state-mig-manager/0210_clusterrole.yaml @@ -8,4 +8,8 @@ rules: resources: - nodes verbs: - - '*' + - get + - list + - watch + - update + - patch diff --git a/assets/state-node-status-exporter/0300_clusterrole.yaml b/assets/state-node-status-exporter/0300_clusterrole.yaml index 245c84005..6f91fe237 100644 --- a/assets/state-node-status-exporter/0300_clusterrole.yaml +++ b/assets/state-node-status-exporter/0300_clusterrole.yaml 
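Review bot: Both e2e jobs pass `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SSH_KEY` to `NVIDIA/holodeck@main` and run `mikefarah/yq@master` in the same job, and both are branch refs that can change without any change in this repository; pinning each to a full commit SHA (`uses: NVIDIA/holodeck@<full-commit-sha>`, placeholder) fixes the code that sees the credentials. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read`, plus `packages: write` on the two image-build jobs only, would state what the ghcr.io login needs. In the two "Run e2e tests" steps the SSH key is expanded into the script text, and `key.pem` exists with the default umask until `chmod 400` runs; passing the secret through `env:` and writing the file under `umask 077` avoids both.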
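Review bot: `get` is now the only verb left on `daemonsets`, and nothing in the hunk says which caller depends on it; a one-line comment above the rule, for example `# get only: <consumer> reads the driver DaemonSet` (placeholder, to be filled in from the actual consumer), would stop a later edit from widening it again. If any client bound to this role lists or watches daemonsets, for instance through an informer, it will start getting forbidden errors, so that is worth confirming before merge. The same change is repeated in `manifests/state-driver/0210_clusterrole.yaml`, and the rule's enclosing `rules:` list begins outside the hunk.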
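Review bot: `update` and `patch` on `nodes` in `assets/state-mig-manager/0210_clusterrole.yaml` still apply to every node in the cluster, so the service account bound to this role can change labels and taints on nodes other than the one its pod runs on. RBAC has no way to scope this to the pod's own node, so the remaining write access should at least be explained in a comment above the rule, e.g. `# update/patch: node label writes by mig-manager` (wording to be confirmed against the code). If the component only ever patches, dropping `update` would narrow the grant further. The rule's `apiGroups` line is outside the hunk.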
@@ -8,4 +8,6 @@ rules: resources: - nodes verbs: - - '*' + - get + - list + - watch diff --git a/assets/state-operator-validation/0200_role.yaml b/assets/state-operator-validation/0200_role.yaml index b67209295..5c464f4e7 100644 --- a/assets/state-operator-validation/0200_role.yaml +++ b/assets/state-operator-validation/0200_role.yaml @@ -17,11 +17,18 @@ rules: resources: - pods verbs: - - '*' + - create + - get + - list + - watch + - update + - patch + - delete - apiGroups: - apps resources: - - deployments - daemonsets verbs: - - '*' + - get + - list + - watch diff --git a/assets/state-operator-validation/0210_clusterrole.yaml b/assets/state-operator-validation/0210_clusterrole.yaml index c7a13b95f..346afc339 100644 --- a/assets/state-operator-validation/0210_clusterrole.yaml +++ b/assets/state-operator-validation/0210_clusterrole.yaml @@ -8,10 +8,6 @@ rules: resources: - nodes verbs: - - '*' -- apiGroups: - - nvidia.com - resources: - - clusterpolicies/finalizers - verbs: - - '*' + - get + - list + - watch diff --git a/assets/state-sandbox-device-plugin/0500_daemonset.yaml b/assets/state-sandbox-device-plugin/0500_daemonset.yaml index 6c9e2c24a..f99b6f075 100644 --- a/assets/state-sandbox-device-plugin/0500_daemonset.yaml +++ b/assets/state-sandbox-device-plugin/0500_daemonset.yaml @@ -67,6 +67,8 @@ spec: volumeMounts: - name: device-plugin mountPath: /var/lib/kubelet/device-plugins + - name: vfio + mountPath: /dev/vfio volumes: - name: device-plugin hostPath: @@ -75,3 +77,6 @@ spec: hostPath: path: /run/nvidia/validations type: DirectoryOrCreate + - name: vfio + hostPath: + path: /dev/vfio diff --git a/deployments/gpu-operator/templates/role.yaml b/deployments/gpu-operator/templates/clusterrole.yaml similarity index 78% rename from deployments/gpu-operator/templates/role.yaml rename to deployments/gpu-operator/templates/clusterrole.yaml index ef65b1af6..400958cd2 100644 --- a/deployments/gpu-operator/templates/role.yaml 
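Review bot: The new `vfio` volume sets no `type`, unlike the neighbouring `/run/nvidia/validations` volume (`type: DirectoryOrCreate`), so the kubelet does no check on `/dev/vfio` before mounting it. Adding `type: Directory` under `path: /dev/vfio` makes the pod fail at mount time on a node where the path is missing, rather than start against an unexpected path. The mount exposes host device nodes to the container, so a short comment on why the sandbox device plugin needs it would help the next reviewer; the container's `securityContext` is outside both hunks.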
+++ b/deployments/gpu-operator/templates/clusterrole.yaml @@ -20,21 +20,40 @@ rules: - clusterroles - clusterrolebindings verbs: - - '*' + - create + - get + - list + - watch + - update + - patch + - delete - apiGroups: - "" resources: - pods - services - - endpoints - - persistentvolumeclaims - events - configmaps - secrets - serviceaccounts + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: - nodes verbs: - - '*' + - get + - list + - watch + - update + - patch - apiGroups: - "" resources: @@ -51,18 +70,22 @@ rules: resources: - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - create + - get + - list + - watch + - update + - patch + - delete - apiGroups: - apps resources: - controllerrevisions verbs: - - 'get' - - 'list' - - 'watch' + - get + - list + - watch - apiGroups: - monitoring.coreos.com resources: @@ -78,9 +101,19 @@ rules: - apiGroups: - nvidia.com resources: - - '*' + - clusterpolicies + - clusterpolicies/status + - nvidiadrivers + - nvidiadrivers/status verbs: - - '*' + - create + - get + - list + - watch + - update + - patch + - delete + - deletecollection - apiGroups: - scheduling.k8s.io resources: @@ -95,7 +128,14 @@ rules: resources: - securitycontextconstraints verbs: - - '*' + - create + - get + - list + - watch + - update + - patch + - delete + - use - apiGroups: - config.openshift.io resources: diff --git a/deployments/gpu-operator/templates/rolebinding.yaml b/deployments/gpu-operator/templates/clusterrolebinding.yaml similarity index 100% rename from deployments/gpu-operator/templates/rolebinding.yaml rename to deployments/gpu-operator/templates/clusterrolebinding.yaml diff --git a/internal/state/testdata/golden/driver-additional-configs.yaml b/internal/state/testdata/golden/driver-additional-configs.yaml index c0c9ffdcd..70fdbbc15 100644 --- a/internal/state/testdata/golden/driver-additional-configs.yaml 
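Review bot: `secrets` stays in the same rule as `pods`, `services` and `configmaps`, so it receives `list` and `watch` together with the write verbs. If this template renders a ClusterRole, as the rename to `clusterrole.yaml` suggests (the `kind:` line is outside the hunk), the operator's service account can read every Secret in the cluster. Moving `secrets` into its own rule with only the verbs the controller actually uses, or granting it through a namespaced Role in the operator's namespace, would narrow that.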
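Review bot: `use` on `securitycontextconstraints` is granted without `resourceNames`, so the operator's service account may run under any SCC on the cluster, including `privileged`. If the operator only needs the SCCs it manages, `use` could go into a separate rule that lists them under `resourceNames:`; the write verbs can stay in the existing rule. The rule's `apiGroups` line is outside the hunk.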
+++ b/internal/state/testdata/golden/driver-additional-configs.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-full-spec.yaml b/internal/state/testdata/golden/driver-full-spec.yaml index 9a033a30a..8f76608ed 100644 --- a/internal/state/testdata/golden/driver-full-spec.yaml +++ b/internal/state/testdata/golden/driver-full-spec.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-gdrcopy-openshift.yaml b/internal/state/testdata/golden/driver-gdrcopy-openshift.yaml index f43dfd8a8..d445bc5ea 100644 --- a/internal/state/testdata/golden/driver-gdrcopy-openshift.yaml +++ b/internal/state/testdata/golden/driver-gdrcopy-openshift.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-gdrcopy.yaml b/internal/state/testdata/golden/driver-gdrcopy.yaml index df73dd8b0..b8e6fe192 100644 --- a/internal/state/testdata/golden/driver-gdrcopy.yaml +++ b/internal/state/testdata/golden/driver-gdrcopy.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-gds.yaml b/internal/state/testdata/golden/driver-gds.yaml index 906efeb68..3851f4e1e 100644 --- a/internal/state/testdata/golden/driver-gds.yaml +++ b/internal/state/testdata/golden/driver-gds.yaml 
@@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-minimal.yaml b/internal/state/testdata/golden/driver-minimal.yaml index a157671bb..6908224aa 100644 --- a/internal/state/testdata/golden/driver-minimal.yaml +++ b/internal/state/testdata/golden/driver-minimal.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-openshift-drivertoolkit.yaml b/internal/state/testdata/golden/driver-openshift-drivertoolkit.yaml index 5ea43da45..74af47acd 100644 --- a/internal/state/testdata/golden/driver-openshift-drivertoolkit.yaml +++ b/internal/state/testdata/golden/driver-openshift-drivertoolkit.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-precompiled.yaml b/internal/state/testdata/golden/driver-precompiled.yaml index 528ac649f..d87a9980c 100644 --- a/internal/state/testdata/golden/driver-precompiled.yaml +++ b/internal/state/testdata/golden/driver-precompiled.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-rdma-hostmofed.yaml b/internal/state/testdata/golden/driver-rdma-hostmofed.yaml index be350df3b..c0f70d584 100644 --- a/internal/state/testdata/golden/driver-rdma-hostmofed.yaml +++ b/internal/state/testdata/golden/driver-rdma-hostmofed.yaml 
@@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-rdma.yaml b/internal/state/testdata/golden/driver-rdma.yaml index bae0f7f0e..d26cd0f23 100644 --- a/internal/state/testdata/golden/driver-rdma.yaml +++ b/internal/state/testdata/golden/driver-rdma.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-vgpu-host-manager.yaml b/internal/state/testdata/golden/driver-vgpu-host-manager.yaml index 579b7eb9f..d998d4420 100644 --- a/internal/state/testdata/golden/driver-vgpu-host-manager.yaml +++ b/internal/state/testdata/golden/driver-vgpu-host-manager.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/internal/state/testdata/golden/driver-vgpu-licensing.yaml b/internal/state/testdata/golden/driver-vgpu-licensing.yaml index a33263795..b040bbe93 100644 --- a/internal/state/testdata/golden/driver-vgpu-licensing.yaml +++ b/internal/state/testdata/golden/driver-vgpu-licensing.yaml @@ -56,12 +56,9 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/manifests/state-driver/0210_clusterrole.yaml b/manifests/state-driver/0210_clusterrole.yaml index 47c56af59..c0db68d62 100644 --- a/manifests/state-driver/0210_clusterrole.yaml +++ b/manifests/state-driver/0210_clusterrole.yaml 
@@ -35,9 +35,6 @@ rules: - apiGroups: - apps resources: - - deployments - daemonsets - - replicasets - - statefulsets verbs: - - '*' + - get diff --git a/tests/holodeck.yaml b/tests/holodeck.yaml new file mode 100644 index 000000000..9f2cbe041 --- /dev/null +++ b/tests/holodeck.yaml @@ -0,0 +1,25 @@ +apiVersion: holodeck.nvidia.com/v1alpha1 +kind: Environment +metadata: + name: HOLODECK_NAME + description: "end-to-end test infrastructure" +spec: + provider: aws + auth: + keyName: cnt-ci + privateKey: HOLODECK_PRIVATE_KEY + instance: + type: g4dn.xlarge + region: us-west-1 + ingressIpRanges: + - 0.0.0.0/0 + image: + architecture: amd64 + imageId: ami-0ce2cb35386fc22e9 + containerRuntime: + install: true + name: containerd + kubernetes: + install: true + installer: kubeadm + version: v1.28.5 diff --git a/tests/scripts/.rsync-excludes b/tests/scripts/.rsync-excludes index 962cde65f..3a945297f 100644 --- a/tests/scripts/.rsync-excludes +++ b/tests/scripts/.rsync-excludes @@ -2,3 +2,4 @@ vendor/ .git aws-kube-ci cnt-ci +key.pem
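Review bot: `ingressIpRanges` in `tests/holodeck.yaml` is `0.0.0.0/0`, so the GPU test instance accepts inbound connections from any address for as long as it exists. Restricting the range to the addresses the CI runners connect from would be the tighter choice. If that is impractical, a comment such as `# open ingress: runner IPs are not fixed; instance is torn down after the run` (to be confirmed) would record that the exposure is intentional. The file also pins `imageId: ami-0ce2cb35386fc22e9` with no comment saying which image it is, which makes later updates hard to review.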